1. Field of the Invention
Principles of the invention relate generally to network security and, more particularly, to managing session timeouts in a network device.
2. Description of Related Art
A corporation may protect its network in a number of different ways. For example, a corporate security infrastructure may include firewalls, intrusion detection, Uniform Resource Locator (URL) filtering, and content inspection. Further, corporations may enforce certain procedures that must be followed by employees who wish to use processing devices to access the corporate network from within the office.
Telecommuters, mobile employees, remote business partners, etc. may desire remote access to a corporate network. At least some of these users may wish to access the corporate network over the Internet or via another network or group of networks.
One class of secure remote access technology that is gaining in popularity is the so-called Secure Sockets Layer (SSL) Virtual Private Network (VPN) connection. SSL VPNs compete with IP Security Protocol (IPSec) VPNs and have a number of potential advantages over IPSec VPNs, including application access flexibility, high security, and overall simplicity.
SSL VPNs may be implemented through an SSL VPN gateway device, which makes client/server applications available to remote users (“clients”) through standard Internet browser software. The “back-end” server devices in a corporate network can securely connect with remote clients using security provided through an SSL connection, which is typically a standard feature in browsers. The SSL VPN gateway may operate in the application layer to communicate with the back-end servers and then transmit the information obtained from the back-end servers to the client's web browser. The back-end servers may be executing various corporate applications. The SSL VPN gateway may use built-in “screen scraping” protocols to split the emulation and display processing of the corporate applications so that only the applications' display is sent to the client browser. In this manner, corporate resources/applications can be made available to remote clients without requiring significant customization of the client computers.
One security policy that is frequently enforced in SSL VPN gateways is one that automatically logs users out after a predetermined time period of inactivity (a “timeout”). For instance, if a user walks away from a computer but forgets to log out, by timing out the client, the client will not be indefinitely connected to the protected corporate intranet. Accordingly, it is desirable to ensure that this type of automatic logout based on user inactivity is as accurate as possible in detecting when a user becomes inactive.